Module in NETASQ’s Administration Suite that allows configuring firewalls.

Non-repudiation

The capacity of parties involved in a transaction to attest to the participation of the other person in the said transaction.

NTP (Network Time Protocol)

Protocol that allows synchronizing clocks on an information system using a network of packets of variable latency.

O

Object

Objects used in the configuration of filter or address translation. These may be hosts, users, address ranges, networks, service, protocols, groups, user groups and network groups.

OS detection

A method of determining the operating system and other characteristics of a remote host, using tools such as queso or nmap.

OSI

International standard defined by ISO describing a generic 7-layer model for the interconnection of heterogeneous network systems. The most commonly-used layers are the “Network” layer, which is linked to IP, the “Transport” layer, linked to TCP and UDP and the “Application” layer, which corresponds to application protocols (SMTP, HTTP, HTTPS, IMAP, Telnet, NNTP…).

P

Packet

Refers to a unit of information transported over a network. Packets contain headers (which contain information on the packet and its data) and useful data to be transmitted to a particular destination.

Packet analyzer

When an alarm is raised on a NETASQ Firewall, the packet that caused this alarm to be raised can be viewed. To be able to do so, a packet viewing tool like “Ethereal” or “Packetyzer” is necessary. Specify the selected tool in the Packet analyzer field, which Reporter will use in order to display malicious packets.

Partition

A section of disk or memory that is reserved for a particular application.

PAT (Port Address Translation)

Modification of the addresses of the sender and recipient on data packets. Changes in IP address involve the PAT device's external IP address, and port numbers, instead of IP addresses, are used to identify different hosts on the internal network. PAT allows many computers to share one IP address.

Peer-to-peer

Workstation-to-workstation link enabling easy exchange of files and information through a specific software. This system does not require a central server, thus making it difficult to monitor.

Ping (Packet Internet Groper)

An internet utility used to determine whether a particular IP address is accessible (or online). It is used to test and debug a network and to troubleshoot internet connections by sending out a packet to the specified address and waiting for a response.

PKI (Public Key Infrastructure)

A system of digital certificates, Certificate Authorities and other registration authorities which verify and authenticate the validity of parties involved in an internet transaction.

Plugin

An auxiliary program that adds a specific feature or service to a larger system and works with a major software package to enhance its capacity.

Port redirection (REDIRECT)

The use of a single IP address to contact several servers.

Port scanning

A port scan is a technique that allows sending packets to an IP address with a different port each time, in the hopes of finding open ports through which malicious data can be passed and discovering flaws in the targeted system. Administrators use it to monitor hosts on their networks while hackers use it in an attempt to compromise them.

PPP (Point-to-Point Protocol)

A method of connecting a computer to the internet. It provides point-to-point connections from router to router and from host to network above synchronous and asynchronous circuits. It is the most commonly used protocol for connecting to the internet on normal telephone lines.

PPPoE (Point-to-Point Protocol over Ethernet)

A protocol that benefits from the advantages of PPP (security through encryption, connection control, etc). Often used on internet broadband connections via ADSL and cable.

PPTP (Point-to-Point Tunneling Protocol)

A protocol used to create a virtual private network (VPN) over the Internet. The internet being an open network, PPTP is used to ensure that messages transmitted from one VPN node to another are secure.

Private IP Address

Some IP address ranges can be used freely as private addresses on an Intranet, meaning, on a local TCP/IP network. Private address ranges are:

172.16.0.0 to 172.31.255.255

192.168.0.0 to 192.168.255.255

10.0.0.0 to 10.255.255.255

Private Key

One of two necessary keys in a public or asymmetrical key system. The private key is usually kept secret by its owner.

Protocol analysis

A method of analysis and intrusion prevention that operates by comparing traffic against the standards that define the protocols.

Protocols

A set of standardized rules which defines the format and manner of a communication between two systems. Protocols are used in each layer of the OSI model.

Proxy

System whose function is to relay connections that it intercepts, or which have been addressed to it. In this way, the proxy substitutes the initiator of the connection and fully recreates a new connection to the initial destination. Proxy systems can in particular be used to carry out cache or connection filter operations.

Proxy server

See Proxy.

Public key

One of two necessary keys in public or asymmetrical key cryptography. The public key is usually made known to the public.

PVM (Parallel Virtual Machine)

Software that enables using a set of UNIX workstations linked to a network much like a parallel workstation.

Q

QID

QoS queue identifier.

QoS (Quality of Service)

A guaranteed throughput level in an information system that allows transporting a given type of traffic in the right condition, i.e., in terms of availability and throughput. Network resources are as such optimized and performance is guaranteed on critical applications.

R

RADIUS (Remote Authentication Dial-In User Service)

An access control protocol that uses a client-server method for centralizing authentication data. User information is forwarded to a RADIUS server, which verifies the information, then authorizes or prohibits access.

RAID (Redundant array of independent disks)

Hardware architecture that allows accelerating and securing access to data stored on hard disks and/or making such access reliable. This method is based on the multiplication of hard disks.

Replay

Anti-replay protection means a hacker will not be able to re-send data that have already been transmitted.

RFC (Request for Comments)

A series of documents which communicates information about the internet. Anyone can submit a comment, but only the Internet Engineering Task Force (IETF) decides whether the comment should become an RFC. A number is assigned to each RFC, and it does not change after it is published. Any amendments to an original RFC are given a new number.

Router

A network communication device that enables restricting domains and determining the next network node to which the packet should be sent so that it reaches its destination as fast as possible.

Routing protocol

A formula used by routers to determine the appropriate path onto which data should be forwarded. With a routing protocol, a network can respond dynamically to changing conditions, otherwise all routing decisions have to be predefined.

S

SA (Security Association)

VPN tunnel endpoint.

SCSI (Small computer system interface)

Standard that defines an interface between a computer and its storage peripherals, known for its reliability and performance.

Security policy

An organization's rules and regulations governing the properties and implementation of a network security architecture.

SEISMO

Module that allows the network administrator to collect information in real time and to analyze it in order to weed out possible vulnerabilities that may degrade the network. Some of its functions include raising ASQ alarms and maintaining an optimal security policy.

Session key

A cryptographic key which is good for only one use and for a limited period. Upon the expiry of this period, the key is destroyed, so that if the key is intercepted, data will not be compromised.

Signature

A code that can be attached to a message, uniquely identifying the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he claims to be.

Single-use password

A secure authentication method which deters the misuse of passwords by issuing a different password for each new session.

Slot

Configuration files in the NETASQ UNIFIED MANAGER application, numbered from 01 to 10 and which allow generating filter and NAT policies, for example.

SMTP (Simple Mail Transfer Protocol)

SMTP Proxy

A proxy server that specializes in SMTP (mail) transactions.

SNMP (Simple Network Management Protocol)

Communication protocol that allows network administrators to manage network devices and to diagnose network incidents remotely.

SSH (Secure Shell)

Software providing secure logon for Windows and UNIX clients and servers.

SSL (Secure Socket Layer)

Protocol that secures exchanges over the internet. It provides a layer of security (authentication, integrity, confidentiality) to the application protocols that it supports.

Star topology / Network

A LAN in which all terminals are connected to a central computer, hub or switch by point-to-point links. A disadvantage of this method is that all data has to pass through the central point, thus raising the risk of saturation.

Stateful Inspection

Method of filtering network connections invented by Check Point, based on keeping the connection status. Packets are authorized only if they correspond to normal connections. If a filter rule allows certain outgoing connections, it will implicitly allow incoming packets that correspond to the responses of these connections.

Static quarantine

A quarantine that the administrator sets when configuring the firewall.

Symmetrical key cryptography

A type of cryptographic algorithm in which the same key is used for encryption and decryption. The difficulty of this method lies in the transmission of the key to the legitimate user. DES, IDEA, RC2 and RC4 are examples of symmetrical key algorithms.

T

TCP (Transmission Control Protocol)

A reliable transport protocol in connected mode. The TCP session operates in three phases – establishment of the connection, the transfer of data and the end of the connection.

Throughput

The speed at which a computer processes data, or the rate of information arriving at a particular point in a network system. For a digital link, this means the number of bits transferred within a given timeframe. For an internet connection, throughput is expressed in kbps (kilobits per second).

Trace route

Trojan horse

A code inserted into a seemingly benign program, which when executed, will perform fraudulent acts such as information theft.

TTL (Time-to-Live)

The period during which information has to be kept or cached.

U

UDP (User Datagram Protocol)

One of the main communication protocols used by the internet, and part of the transport layer in the TCP/IP stack.

This protocol enables a simple transmission of packets between two entities, each of which has been defined by an IP address and a port number (to differentiate users connected on the same host).

Unidirectional translation (MAP)

This translation type allows you to convert real IP addresses on your networks (internal, external or DMZ) into a virtual IP address on another network (internal, external or DMZ) when passing through the firewall.

URL filter

Service that enables limiting the consultation of certain websites. Filters can be created in categories containing prohibited URLs (e.g. Porn, games, webmail sites, etc) or keywords.

URL (Uniform Resource Locator)

Character string used for reaching resources on the web. Informally, it is better known as a web address.

User enrolment

When an authentication service has been set up, every authorized user has to be defined by creating a “user” object. The larger the enterprise, the longer this task will take. NETASQ’s web enrolment service makes this task easier. If the administrator has defined a PKI, “unknown” users will now request the creation of their accounts and respective certificates.

UTM (Unified Threat Management)

Concept that consists of providing the most unified solution possible to counter multiple threats to information security (viruses, worms, Trojan horses, intrusions, spyware, denials of service, etc).

V

VLAN (Virtual Local Area Network)

Network of computers which behave as if they are connected to the same network even if they may be physically located on different segments of a LAN. VLAN configuration is done by software instead of hardware, thereby making it very flexible.

VPN (Virtual Private Network)

The interconnection of networks in a secure and transparent manner for participating applications and protocols – generally used to link private networks to each other through the internet.

VPN keep alive

The artificial creation of traffic in order to remove the latency time which arises when a tunnel is being set up and also to avoid certain problems in NAT.

VPN Tunnel

Virtual link which uses an insecure infrastructure such as the internet to enable secure communications (authentication, integrity & confidentiality) between different network equipment.

W

WAN (Wireless Area Network)

Local wireless network.

Wi-Fi (Wireless Fidelity)